GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
546 advisories
Unauthenticated attackers can rename "rooms" of arbitrary users.
Moderate
Unreviewed
CVE-2025-27561 was published Apr 16, 2025
An unauthenticated attacker can obtain EV charger version and firmware upgrading history by...
Moderate
Unreviewed
CVE-2025-27575 was published Apr 16, 2025
Unauthenticated attackers can query an API endpoint and get device details.
Moderate
Unreviewed
CVE-2025-27719 was published Apr 16, 2025
An unauthenticated attacker can obtain a list of smart devices by knowing a valid username...
Moderate
Unreviewed
CVE-2025-27927 was published Apr 16, 2025
Unauthenticated attackers can retrieve full list of users associated with arbitrary accounts.
Moderate
Unreviewed
CVE-2025-27929 was published Apr 16, 2025
An unauthenticated attacker can delete any user's "rooms" by knowing the user's and room IDs.
Moderate
Unreviewed
CVE-2025-27565 was published Apr 16, 2025
Unauthenticated attackers can rename arbitrary devices of arbitrary users (i.e., EV chargers).
Moderate
Unreviewed
CVE-2025-26857 was published Apr 16, 2025
An unauthenticated attacker can hijack other users' devices and potentially control them.
Moderate
Unreviewed
CVE-2025-25276 was published Apr 16, 2025
Unauthenticated attackers can add devices of other users to their scenes (or arbitrary scenes of...
Moderate
Unreviewed
CVE-2025-24315 was published Apr 16, 2025
An attacker can export other users' plant information.
Moderate
Unreviewed
CVE-2025-24850 was published Apr 16, 2025
An unauthenticated attacker can check the existence of usernames in the system by querying an API.
Moderate
Unreviewed
CVE-2025-31933 was published Apr 15, 2025
An unauthenticated attacker can obtain a list of smart devices by knowing a valid username.
Moderate
Unreviewed
CVE-2025-31941 was published Apr 15, 2025
An authenticated attacker can obtain any plant name by knowing the plant ID.
Moderate
Unreviewed
CVE-2025-31949 was published Apr 15, 2025
An unauthenticated attacker can obtain a user's plant list by knowing the username.
Moderate
Unreviewed
CVE-2025-31357 was published Apr 15, 2025
An attacker can change registered email addresses of other users and take over arbitrary accounts.
Moderate
Unreviewed
CVE-2025-27939 was published Apr 15, 2025
An unauthenticated attacker can obtain a serial number of a smart meter(s) using its owner's...
Moderate
Unreviewed
CVE-2025-30254 was published Apr 15, 2025
Unauthenticated attackers can obtain restricted information about a user's smart device...
Moderate
Unreviewed
CVE-2025-30514 was published Apr 15, 2025
An unauthenticated attacker can get users' emails by knowing usernames. A password reset email...
Moderate
Unreviewed
CVE-2025-27568 was published Apr 15, 2025
An unauthenticated attacker can infer the existence of usernames in the system by querying an API.
Moderate
Unreviewed
CVE-2025-24487 was published Apr 15, 2025
Unauthenticated attackers can obtain restricted information about a user's smart device...
Moderate
Unreviewed
CVE-2025-27938 was published Apr 15, 2025
A vulnerability was found in Tutorials-Website Employee Management System 1.0. It has been...
Moderate
Unreviewed
CVE-2025-3537 was published Apr 13, 2025
A vulnerability was found in Tutorials-Website Employee Management System 1.0 and classified as...
Moderate
Unreviewed
CVE-2025-3536 was published Apr 13, 2025
The User Registration & Membership – Custom Registration Form, Login Form, and User Profile...
Moderate
Unreviewed
CVE-2025-3292 was published Apr 12, 2025
The User Registration & Membership – Custom Registration Form, Login Form, and User Profile...
Moderate
Unreviewed
CVE-2025-3282 was published Apr 12, 2025
Authorization Bypass Through User-Controlled Key vulnerability in JoomSky JS Job Manager allows...
Moderate
Unreviewed
CVE-2025-31867 was published Apr 1, 2025
ProTip! Advisories are also available from the GraphQL API.